1. The crowdfunding company must have an appropriate risk governance framework in place that identifies all material risks. This includes policies, processes, procedures, systems and controls to identify, measure, evaluate, monitor, report and control or mitigate material sources of risk on a timely basis.
    
2. A crowdfunding company’s definition and assessment of material risks must take into account its risk profile, nature, size and complexity of its business and structure.
    
3. The crowdfunding company must have in place mitigating action plans for key material risks and monitor these on an ongoing basis.
    
4. The risk governance framework shall address, amongst other key risks, the following areas:
    
   1. Operational risk;
   2. Conduct risk;
   3. Fraud by employees;
   4. Cybercrime and attacks;
   5. Money laundering;
   6. Managing defaults;
   7. Miss-selling risk;² and
   8. Terrorist financing
       
5. The board of the crowdfunding company is ultimately accountable for the risk governance framework.
    
6. The crowdfunding company shall have appropriate governance arrangements in place that include a sufficient focus on risk management and ensure that the Chief Risk Officer, or equivalent, reports directly to the Board with an appropriate reporting line to the Chief Executive Officer or General Manager.
    
7. The crowdfunding company must have a detailed exit plan to provide for the orderly wind down of the crowdfunding company business. The exit plan must also assume that in the event of failure of the crowdfunding company, loans will continue to be administered and lender funds protected.
    

² e.g. how the CFP advertises and how it sells to clients and the appropriateness of messages, among others.